Feature: Build static assets conditionally for Backoffice and Login

.gitignore

@@ -47,10 +47,6 @@ NDependOut/
 QueryResult.htm
 tools/docfx/
 
-# Ignore rule for clearing out Belle (avoid rebuilding all the time)
-preserve.bellissima
-preserve.login
-
 # csharp-docs
 /build/csharp-docs/api/
 /build/csharp-docs/_site/

Directory.Build.props

@@ -15,14 +15,20 @@
     <Nullable>enable</Nullable>
     <WarningsAsErrors>nullable</WarningsAsErrors>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
-    <!--  TODO: [NU5104] Warning As Error: A stable release of a package should not have a prerelease dependency. Either modify the version spec of dependency -->
-    <NoWarn>$(NoWarn);NU5104</NoWarn>
-    <WarningsNotAsErrors>$(WarningsNotAsErrors);NU5104</WarningsNotAsErrors>
     <ImplicitUsings>enable</ImplicitUsings>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <WarnOnPackingNonPackableProject>false</WarnOnPackingNonPackableProject>
   </PropertyGroup>
 
+  <PropertyGroup>
+    <!--
+      TODO: Fix and remove overrides:
+      [NU5104] Warning As Error: A stable release of a package should not have a prerelease dependency. Either modify the version spec of dependency
+    -->
+    <NoWarn>$(NoWarn),NU5104</NoWarn>
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),NU5104</WarningsNotAsErrors>
+  </PropertyGroup>
+
   <!-- SourceLink -->
   <PropertyGroup>
     <PublishRepositoryUrl>true</PublishRepositoryUrl>

Directory.Packages.props

@@ -3,13 +3,15 @@
   <PropertyGroup>
     <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
   </PropertyGroup>
+
   <!-- Global packages (private, build-time packages for all projects) -->
   <ItemGroup>
     <GlobalPackageReference Include="Nerdbank.GitVersioning" Version="3.6.146" />
     <GlobalPackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556" />
     <GlobalPackageReference Include="Umbraco.Code" Version="2.2.0" />
     <GlobalPackageReference Include="Umbraco.GitVersioning.Extensions" Version="0.2.0" />
   </ItemGroup>
+
   <!-- Microsoft packages -->
   <ItemGroup>
     <PackageVersion Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="9.0.0" />
@@ -35,11 +37,13 @@
     <PackageVersion Include="Microsoft.Extensions.Options.DataAnnotations" Version="9.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Caching.Hybrid" Version="9.0.0-preview.9.24556.5" />
   </ItemGroup>
+
   <!-- Umbraco packages -->
   <ItemGroup>
     <PackageVersion Include="Umbraco.JsonSchema.Extensions" Version="0.3.0" />
     <PackageVersion Include="Umbraco.CSharpTest.Net.Collections" Version="15.0.0" />
   </ItemGroup>
+
   <!-- Third-party packages -->
   <ItemGroup>
     <PackageVersion Include="Asp.Versioning.Mvc" Version="8.1.0" />
@@ -77,25 +81,26 @@
     <PackageVersion Include="SixLabors.ImageSharp.Web" Version="3.1.3" />
     <PackageVersion Include="Swashbuckle.AspNetCore" Version="7.0.0" />
   </ItemGroup>
+
   <!-- Transitive pinned versions (only required because our direct dependencies have vulnerable versions of transitive dependencies) -->
   <ItemGroup>
-    <!-- Both Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer bring in a vulnerable version of Azure.Identity -->
+    <!-- Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer brings in a vulnerable version of Azure.Identity -->
     <PackageVersion Include="Azure.Identity" Version="1.13.1" />
-    <!-- Both Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer bring in a vulnerable version of Azure.Identity -->
+    <!-- Microsoft.EntityFrameworkCore.SqlServer brings in a vulnerable version of System.Runtime.Caching -->
     <PackageVersion Include="System.Runtime.Caching" Version="9.0.0" />
     <!-- Dazinator.Extensions.FileProviders brings in a vulnerable version of System.Net.Http -->
     <PackageVersion Include="System.Net.Http" Version="4.3.4" />
     <!-- Examine brings in a vulnerable version of System.Security.Cryptography.Xml -->
     <PackageVersion Include="System.Security.Cryptography.Xml" Version="9.0.0" />
-    <!-- Both Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc bring in a vulnerable version of System.Text.RegularExpressions -->
+    <!-- Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc brings in a vulnerable version of System.Text.RegularExpressions -->
     <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
-    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
+    <!-- OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer brings in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
     <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.2.0" />
-    <!-- Both  Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer, Dazinator.Extensions.FileProviders bring in legacy versions of System.Text.Encodings.Web  -->
+    <!-- Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer and Dazinator.Extensions.FileProviders brings in a legacy version of System.Text.Encodings.Web -->
     <PackageVersion Include="System.Text.Encodings.Web" Version="9.0.0" />
-    <!-- NPoco.SqlServer bring in vulnerable version of Microsoft.Data.SqlClient  -->
+    <!-- NPoco.SqlServer brings in a vulnerable version of Microsoft.Data.SqlClient  -->
     <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.2.2" />
-    <!-- Examine.Lucene bring in a vulnerable version of Lucene.Net.Replicator -->
+    <!-- Examine.Lucene brings in a vulnerable version of Lucene.Net.Replicator -->
     <PackageVersion Include="Lucene.Net.Replicator" Version="4.8.0-beta00017" />
   </ItemGroup>
-</Project>
+</Project>

src/Umbraco.Cms.Api.Common/Umbraco.Cms.Api.Common.csproj

@@ -3,6 +3,7 @@
     <Title>Umbraco CMS - API Common</Title>
     <Description>Contains the bits and pieces that are shared between the Umbraco CMS APIs.</Description>
   </PropertyGroup>
+
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
   </ItemGroup>
@@ -13,14 +14,15 @@
     <PackageReference Include="Swashbuckle.AspNetCore" />
     <PackageReference Include="OpenIddict.Abstractions" />
     <PackageReference Include="OpenIddict.AspNetCore" />
+  </ItemGroup>
 
-    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens"/>
+  <ItemGroup>
+    <!-- Take top-level depedendency on Microsoft.IdentityModel.JsonWebTokens, because OpenIddict.AspNetCore depends on a vulnerable version -->
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" />
   </ItemGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\Umbraco.Core\Umbraco.Core.csproj" />
     <ProjectReference Include="..\Umbraco.Web.Common\Umbraco.Web.Common.csproj" />
-
   </ItemGroup>
 </Project>

src/Umbraco.Cms.Api.Delivery/Umbraco.Cms.Api.Delivery.csproj

@@ -3,20 +3,21 @@
     <Title>Umbraco CMS - Delivery API</Title>
     <Description>Contains the presentation layer for the Umbraco CMS Delivery API.</Description>
   </PropertyGroup>
+
   <PropertyGroup>
-    <!--  TODO: [ASP0019] use IHeaderDictionary.Append or the indexer to append or set headers,
-          and remove this override -->
-    <WarningsNotAsErrors>ASP0019</WarningsNotAsErrors>
+    <!--
+      TODO: Fix and remove overrides:
+      [ASP0019] use IHeaderDictionary.Append or the indexer to append or set headers
+      [CS0618/CS0612] update obsolete references
+    -->
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),ASP0019,CS0618,CS0612</WarningsNotAsErrors>
   </PropertyGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\Umbraco.Cms.Api.Common\Umbraco.Cms.Api.Common.csproj" />
     <ProjectReference Include="..\Umbraco.Web.Common\Umbraco.Web.Common.csproj" />
   </ItemGroup>
 
-  <PropertyGroup>
-    <!-- TODO: Fix all warnings and remove this override -->
-    <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
-  </PropertyGroup>
   <ItemGroup>
     <AssemblyAttribute Include="System.Runtime.CompilerServices.InternalsVisibleTo">
       <_Parameter1>Umbraco.Tests.UnitTests</_Parameter1>

src/Umbraco.Cms.Api.Management/Umbraco.Cms.Api.Management.csproj

@@ -2,22 +2,27 @@
   <PropertyGroup>
     <Title>Umbraco CMS - Management API</Title>
     <Description>Contains the presentation layer for the Umbraco CMS Management API.</Description>
-    <IsPackable>true</IsPackable>
-    <EnablePackageValidation>false</EnablePackageValidation>
-    <AssemblyName>Umbraco.Cms.Api.Management</AssemblyName>
-    <RootNamespace>Umbraco.Cms.Api.Management</RootNamespace>
   </PropertyGroup>
+
   <PropertyGroup>
-    <!--    TODO: Fix [SA1117] params all on same line, [SA1401] make fields private,
-            [SA1134] own line attributes, [CS0108] hidden inherited member, [CS0618]/[CS9042] update
-            obsolete references, [CS1998] remove async or make method synchronous, [CS8524] switch statement,
-            [IDE0060] removed unused parameter, [SA1649] file name match type, [CS0419] ambiguous reference,
-            [CS1573] param tag for all parameters, [CS1574] unresolveable cref, and remove overrides -->
-    <WarningsNotAsErrors>
-      SA1117,SA1401,SA1134,CS0108,CS0618,CS1998,CS8524,CS9042,IDE0060,SA1649,CS0419,
-      CS1573,CS1574
-    </WarningsNotAsErrors>
+    <!--
+      TODO: Fix and remove overrides:
+      [SA1117] params all on same line
+      [SA1401] make fields private
+      [SA1134] own line attributes
+      [CS0108] hidden inherited member
+      [CS0618]/[CS9042] update obsolete references
+      [CS1998] remove async or make method synchronous
+      [CS8524] switch statement
+      [IDE0060] removed unused parameter
+      [SA1649] file name match type
+      [CS0419] ambiguous reference
+      [CS1573] param tag for all parameters
+      [CS1574] unresolveable cref
+    -->
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),SA1117,SA1401,SA1134,CS0108,CS0618,CS9042,CS1998,CS8524,IDE0060,SA1649,CS0419,CS1573,CS1574</WarningsNotAsErrors>
   </PropertyGroup>
+
   <ItemGroup>
     <PackageReference Include="JsonPatch.Net" />
     <PackageReference Include="Swashbuckle.AspNetCore" />
@@ -41,8 +46,4 @@
   <ItemGroup>
     <EmbeddedResource Include="OpenApi.json" />
   </ItemGroup>
-
-  <ItemGroup>
-    <Compile Remove="Security\Authorization\Dictionary\IDictionaryPermissionAuthorizer.cs" />
-  </ItemGroup>
 </Project>

src/Umbraco.Cms.Persistence.EFCore.SqlServer/Umbraco.Cms.Persistence.EFCore.SqlServer.csproj

@@ -3,17 +3,18 @@
     <Title>Umbraco CMS - Persistence - Entity Framework Core - SQL Server migrations</Title>
     <Description>Adds support for Entity Framework Core SQL Server migrations to Umbraco CMS.</Description>
   </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
+  </ItemGroup>
+
   <ItemGroup>
     <!-- Take top-level depedendency on Azure.Identity, because Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
     <PackageReference Include="Azure.Identity" />
     <!-- Take top-level depedendency on System.Runtime.Caching, because Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
     <PackageReference Include="System.Runtime.Caching" />
-
-    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
-
-
-    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens"/>
+    <!-- Take top-level depedendency on Microsoft.IdentityModel.JsonWebTokens, because OpenIddict.AspNetCore, NPoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" />
   </ItemGroup>
 
   <ItemGroup>

src/Umbraco.Cms.Persistence.EFCore/Umbraco.Cms.Persistence.EFCore.csproj

@@ -3,24 +3,30 @@
     <Title>Umbraco CMS - Persistence - Entity Framework Core</Title>
     <Description>Adds support for Entity Framework Core to Umbraco CMS.</Description>
   </PropertyGroup>
+
   <PropertyGroup>
-    <!--  TODO: [IDE0270] Simplify null checks, [CS0108] resolve hiding inherited members, [CS1998]
-          remove async or make method synchronous, and remove these overrides -->
-    <WarningsNotAsErrors>IDE0270,CS0108,CS1998</WarningsNotAsErrors>
+    <!--
+      TODO: Fix and remove overrides:
+      [IDE0270] Simplify null checks
+      [CS0108] resolve hiding inherited members
+      [CS1998] remove async or make method synchronous
+    -->
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),IDE0270,CS0108,CS1998</WarningsNotAsErrors>
   </PropertyGroup>
-  <ItemGroup>
 
+  <ItemGroup>
     <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />
     <PackageReference Include="OpenIddict.EntityFrameworkCore" />
+  </ItemGroup>
 
+  <ItemGroup>
     <!-- Take top-level depedendency on Azure.Identity, because Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
     <PackageReference Include="Azure.Identity" />
     <!-- Take top-level depedendency on System.Runtime.Caching, because Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
     <PackageReference Include="System.Runtime.Caching" />
-
-    <!-- Both  Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer, Dazinator.Extensions.FileProviders bring in legacy versions of System.Text.Encodings.Web  -->
-    <PackageReference Include="System.Text.Encodings.Web"/>
+    <!-- Take top-level depedendency on System.Text.Encodings.Web, because Microsoft.EntityFrameworkCore.SqlServer brings in a legacy version -->
+    <PackageReference Include="System.Text.Encodings.Web" />
   </ItemGroup>
 
   <ItemGroup>

src/Umbraco.Cms.Persistence.SqlServer/Umbraco.Cms.Persistence.SqlServer.csproj

@@ -3,30 +3,39 @@
     <Title>Umbraco CMS - Persistence - SQL Server</Title>
     <Description>Adds support for SQL Server to Umbraco CMS.</Description>
   </PropertyGroup>
+
   <PropertyGroup>
-    <!--  TODO: [SA1405] Debug assret message text, [SA1121] resolve hiding inherited members, [SA1117] remove
-          async or make method synchronous, [IDE1006] fix naming rule violation, [CS0618] handle member
-          obsolete appropriately, [IDE0270] simplify null check, [IDE0057] simplify substring, [IDE0054]
-          use compound assignment, [CSO618] use NVARCARMAX, [IDE0048] add parenthesis for clarity,
-          [CS1574] resolve ML comment cref attribute, and remove these overrides -->
-    <WarningsNotAsErrors>
-      SA1405,SA1121,SA1117,SA1116,IDE1006,CS0618,IDE0270,IDE0057,IDE0054,CSO618,IDE0048,
-      CS1574
-    </WarningsNotAsErrors>
+    <!--
+      TODO: Fix and remove overrides:
+      [SA1405] Debug assret message text
+      [SA1121] resolve hiding inherited members
+      [SA1117] remove async or make method synchronous
+      [IDE1006] fix naming rule violation
+      [CS0618] handle member obsolete appropriately
+      [IDE0270] simplify null check
+      [IDE0057] simplify substring
+      [IDE0054] use compound assignment
+      [CSO618] use NVARCARMAX
+      [IDE0048] add parenthesis for clarity
+      [CS1574] resolve ML comment cref attribute
+    -->
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),SA1405,SA1121,SA1117,IDE1006,CS0618,IDE0270,IDE0057,IDE0054,CSO618,IDE0048,CS1574</WarningsNotAsErrors>
   </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="NPoco.SqlServer" />
+  </ItemGroup>
+
   <ItemGroup>
     <!-- Take top-level depedendency on Azure.Identity, because NPoco.SqlServer depends on a vulnerable version -->
     <PackageReference Include="Azure.Identity" />
-    <PackageReference Include="NPoco.SqlServer" />
     <!-- Take top-level depedendency on System.Runtime.Caching, because Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
     <PackageReference Include="System.Runtime.Caching" />
-    <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens"/>
-
-    <!-- Both  Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer, Dazinator.Extensions.FileProviders bring in legacy versions of System.Text.Encodings.Web  -->
-    <PackageReference Include="System.Text.Encodings.Web"/>
-
-    <!-- NPoco.SqlServer bring in vulnerable version of Microsoft.Data.SqlClient  -->
+    <!-- Take top-level depedendency on Microsoft.IdentityModel.JsonWebTokens, because OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
+    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" />
+    <!-- Take top-level depedendency on System.Text.Encodings.Web, because Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer, Dazinator.Extensions.FileProviders depends on a vulnerable version -->
+    <PackageReference Include="System.Text.Encodings.Web" />
+    <!-- Take top-level depedendency on Microsoft.Data.SqlClient, because NPoco.SqlServer depends on a vulnerable version -->
     <PackageReference Include="Microsoft.Data.SqlClient" />
   </ItemGroup>
 

src/Umbraco.Cms.Persistence.Sqlite/Umbraco.Cms.Persistence.Sqlite.csproj

@@ -3,10 +3,15 @@
     <Title>Umbraco CMS - Persistence - SQLite</Title>
     <Description>Adds support for SQLite to Umbraco CMS.</Description>
   </PropertyGroup>
+
   <PropertyGroup>
-    <!--  TODO: [CS0114] Resolve hiding inherited members and remove this override -->
-    <WarningsNotAsErrors>CS0114</WarningsNotAsErrors>
+    <!--
+      TODO: Fix and remove overrides:
+      [CS0114] Resolve hiding inherited members
+    -->
+    <WarningsNotAsErrors>$(WarningsNotAsErrors),CS0114</WarningsNotAsErrors>
   </PropertyGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.Data.Sqlite" />
   </ItemGroup>